Nothing quite like a good headline, is there? I’m not talking about the title of this piece, but rather one I read this morning, entitled “United States of ‘Holy F*ck, this is easy!’”
Now, it seems to me that you can’t really argue with a heading that combines reverence for nationhood with the language of a navy stoker. But when I dug deeper into the content of the piece, its central revelatory proposition – the idea that Google now enables you to “send” large files up to 10GB – melted away to nothing, like yesteryear’s swearwords.
This was quite simply because the writer had completely avoided the question of security. Well, sorry, Mr. Holy F*cker, but bigger files = meatier content = higher risk = greater attractiveness to anyone who would potentially like to get their hands on your stuff. Surely that’s the story here, gadzooks?
Well, actually, it’s only half of the story. And not even the half that a lot of people seem to be most worried about. Let me explain this a little further.
But what a lot of people are now coming to realise is that you can actually become the willing exponent of your own digital insecurity. Why? Because you choose to hand over your data in some way to a vendor or organisation whose economic model and operating policies require them to be able to see or understand your data in some way.
This is the scenario that tends to apply to storage and file transfer websites – like Google Drive. They’re constantly exploring the content of your files – electronically or otherwise – and then working out how they can make money out of them. All perfectly legal, but doesn’t it somewhat fly in the face of the reasoning behind storing this material somewhere other than your hard drive in the first place?
It’s a simple statement of logic: if the definition of security is that data is only visible to its originator and the desired recipient(s), then a service that can access and see that data means, by definition, the data is not secure in that service. For “that service” read Google Drive.
The now infamous General Petraeus found out very quickly what consequences the insecurity of data can bring. But let’s look more closely at the Google example, specifically. It is problematic for me, and will be for a lot of other people too, not only because Google Drive in itself is “voluntarily insecure”, as I’ve described above, but because that site also now forms the basis of the large file transfer service that Google has made available from your Gmail inbox.
Consider the following:
So, to summarise, instead of insecure file storage, you now have insecure file storage PLUS the ability to extend the insecurity of that site to the action of sending and receiving files as well.
Now do you understand why I (and others) are worried about this?
Actually, it’s not. Large file transfer via email is both beneficial and desirable. File outputs are becoming bigger and bigger, as the authoring software that creates them becomes more powerful. Medical imaging, animation and motion graphics, movies, hi-res photography, photogrammetry – the average size of files in these and other disciplines is already huge and is growing constantly.
Moving these files around represents a real headache when you consider that, according to research carried out recently, 89% of workers are unable to send or receive emails in excess of 15MB. And, at the same time, the average number of files we are all sending is increasing; still more research indicates that, in 2009, corporate users sent and received, on average, 37 attached files per user, per day; in 2013, that will rise to 53 attachments.
So Google’s attempt to bring large file transfer back down to the “ground zero” of the inbox, and its use of a creative way to get round the transport limitations of the email client, is to be applauded. We all need this stuff. But what we don’t need is Google – or any other provider – looking at our stuff.
I’ve said it before, and I’ll say it again, unless it’s secure enough that the security vendor themselves can’t open it, it ain’t secure by my reckoning.
Editor’s note: Google did not respond to a request for comment on Spector’s comments.
Brian Spector is CEO of security company CertVox
Think you’re a security pro? Try our quiz!
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
View Comments
No one sane would 'send' a ten gigabyte file.
Heck, no one sane would send an attachment at all if they had half a brain. With modern file sharing systems you upload and present a link to your compatriot and then you properly control access levels - read only, read write.
I think there may come a day fairly soon when people start to realise that all along, Google is an advertising company and it's been selling us for decades. Why else do I see dog shampoo adverts when web browsing when I turn adblock off? I mentioned it once to my father and bang! Indexed, searched, ads served.
Yes!
Google Drive HAS two factort authetication. You can download th google authenticator (radius software device) from apple and google play store. Link this to your google account/drive. http://en.wikipedia.org/wiki/Google_Authenticator
I dont see the problem, Google gives you, the user loads of free apps and asks for a little in return, in fact they give more away than any other (free) provider.
If you are in Business then you wouldn't use the free service, you will be paying for a quality cloud service. If your a business and using the free apps service then you only have yourself to blame for any of the fears or concerns that you have.